[OWASP-TESTING] Application security Document

Dinis Cruz dinis at ddplus.net
Tue Mar 16 23:30:36 EST 2004


I have been following this project and although I haven’t had the time
to send in my comments to the files posted, I would like to contribute
the attached document.

This document (which I believe contains several questions and 'requests
for information' relevant to this project) was created by me whilst
working on a security audit of an EDRM software (EDRM is Electronic
Document & Records Management). The document contains the purchaser's
security requirements.

They are basically the security questions that the company buying the
software (the purchaser) is asking the software supplier (I removed
all references to the customer and software provider).

I think that it is very important to provide these 'buyers' with as much
security information as possible. This will allow them to put pressure
on the software manufacturers, and be able to retrieve direct and straight
security answers (versus the Marketing stuff).

I have now finished the security audit and am currently writing the
report. Once it is completed I will also post here a copy, which will
contain details about my methodology and the vulnerabilities discovered
(if I have time I will also try to convert some of my data into the main
OWASP-testing document's format)

Best regards

Dinis Cruz

-------------- next part --------------
A non-text attachment was scrubbed...
Name: Security requirements for EDRM Solution V0.96.doc
Type: application/msword
Size: 435712 bytes
Desc: not available
Url : http://lists.owasp.org/pipermail/owasp-testing/attachments/20040317/5ba923dd/attachment.doc 
